GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,438
Erlang: 29
GitHub Actions: 16
Go: 1,663
Maven: 4,922
npm: 3,450
NuGet: 594
pip: 2,853
Pub: 10
RubyGems: 823
Rust: 764
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
90 advisories
Reflected cross-site scripting vulnerability in [MailForm01] free edition (versions which the...
Moderate | Unreviewed | CVE-2021-20723 was published May 24, 2022

Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1...
High | Unreviewed | CVE-2018-19860 was published May 24, 2022

Lexiglot through 2014-11-20 allows CSRF.
Moderate | Unreviewed | CVE-2014-8942 was published May 17, 2022

Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter.
Moderate | Unreviewed | CVE-2014-8943 was published May 17, 2022

admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and...
High | Unreviewed | CVE-2014-8945 was published May 17, 2022

Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin...
High | Unreviewed | CVE-2014-8941 was published May 17, 2022

Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a...
Low | Unreviewed | CVE-2014-8938 was published May 17, 2022

Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the...
Low | Unreviewed | CVE-2014-8944 was published May 17, 2022

Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path)...
Moderate | Unreviewed | CVE-2014-8939 was published May 17, 2022

Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and...
Moderate | Unreviewed | CVE-2014-8940 was published May 17, 2022

Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update...
Moderate | Unreviewed | CVE-2014-8937 was published May 17, 2022

It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce...
High | Unreviewed | CVE-2014-8183 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird...
Moderate | Unreviewed | CVE-2013-6674 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird...
Moderate | Unreviewed | CVE-2014-2018 was published May 17, 2022

Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers...
High | Unreviewed | CVE-2014-10069 was published May 14, 2022

Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt
High | CVE-2014-9970 was published for org.jasypt:jasypt (Maven) May 14, 2022

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts...
Critical | Unreviewed | CVE-2014-9972 was published May 14, 2022

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts...
Critical | Unreviewed | CVE-2014-9971 was published May 14, 2022

In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check...
Critical | Unreviewed | CVE-2014-9981 was published May 14, 2022

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow...
Critical | Unreviewed | CVE-2014-9976 was published May 14, 2022

The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows...
Low | Unreviewed | CVE-2013-2929 was published May 14, 2022

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400...
Critical | Unreviewed | CVE-2014-9996 was published May 14, 2022

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile...
Critical | Unreviewed | CVE-2014-9985 was published May 14, 2022

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400...
Critical | Unreviewed | CVE-2014-9994 was published May 14, 2022

ProTip! Advisories are also available from the GraphQL API.